Voltage Security says US Army’s data insecurity problems are a lesson for us all

CUPERTINO, Calif., April 3, 2013 — Commenting on a report from the US Inspector General’s office on the effects of BYOD (bring your own devices) on US military data security – which found that military command was unaware of more than 14,000 mobile devices in active use across the US Army – Voltage Security says this is a classic example of what happens on the data security front in very large organisations.

According to Mark Bower, VP of Product Management with the data-centric security and stateless key management specialist, even in a highly controlled organisation the size of the US Army – which has around 560,000 active staff and about the same number of Reserves and National Guard personnel – there are going to be operations where staff, for various reasons, ignore their corporate security mandates.

“And it is exactly the same in a large enterprise, as not only do you need security policies, but you need the technology in place to enforce those policies, and ensure the governance surrounding the data as it flows into, across and out of the organisation,” he said.

“This is where an effective data-centric security strategy enters the frame, as even in an organization the size of the US Army with its 1.12 million personnel, there is a need to ensure that all of the data remains protected and private anywhere it moves, anywhere it resides, and however it is used,” he added.

Bower went on to say that a lack of technology to both enforce the required security policies – as well as control what happens to the data, whether it is held in a local or cloud environment, or even across a mobile device – is almost certainly the reason why the US Army had more than 14,000 smartphones and tablet computers floating around outside of its direct security control.

Bower says that it is also revealing that the US Army command allowed sensitive data to be stored on the portable devices, which suggests that at least some of the smartphones and tablet computers were owned by the government, as well as army personnel themselves.

It is also very worrying, he adds, that US Army staff are also storing military data on their own personal smartphones and tablet computers, as this report seems to imply.

“The US Army has come a long way since the days of `Full Metal Jacket’ – Stanley Kubrick’s seminal Vietnam war movie of 1987 – as today’s battles are fought with the aid of computers and other Theatre of War IT systems. As a result, encrypting the data as it is used and moved across the army network, through the cloud and over mobile devices, assumes paramount importance,” he said.

“It is not exaggerating to say that the loss of data in today’s military could give the enemy an upper hand in a battlefield situation – as well as potentially resulting in unnecessary loss of lives. This takes the data protection aspect of security to a completely new level,” he added. “And let’s not forget, it just takes one email and attachment containing sensitive materials to fall into enemy hands to create a breach that’s difficult to contain – the stakes are high.”